Hello,

I'm running into a strange problem with two of our machines. cfrun from the "server" returns the error

Host authentication failed. Did you forget the domain name or IP/DNS address registration (for ipv4 or ipv6)?

Now on the client side (cfservd -d 2):

| Checking file updates on /local/var/cfengine/inputs/cfservd.conf (42272089/422720ed)
| IPV4 address
| sockaddr_ntop(10.65.33.184)
| Obtained IP address of 10.65.33.184 on socket 5 from accept
|
| FuzzyItemIn(LIST,10.65.33.184)
| Purging Old Connections...
| Done purging
|
| FuzzyItemIn(LIST,10.65.33.184)
| Prepending [10.65.33.184]
| *** New socket [5]
| New connection...(from 10.65.33.184/5)
| Spawning new thread...
| RecvSocketStream(8)
| (Concatenated 8 from stream)
| Transaction Receive [t 37][]
| RecvSocketStream(37)
| (Concatenated 37 from stream)
| Received: [CAUTH 10.65.33.184 forge.br.de root 0] on socket 5
| Connecting host identifies itself as 10.65.33.184 forge.br.de root 0
| (ipstring=[10.65.33.184],fqname=[forge.br.de],username=[root],socket=[10.65.33.184])
| cfservd: Allowing 10.65.33.184 to connect without (re)checking ID
| Non-verified Host ID is forge.br.de (Using skipverify)
| Non-verified User ID seems to be root (Using skipverify)
| IPV4 address
| sockaddr_ntop(10.65.33.184)
| Found address (10.65.33.184) for host forge.br.de
| Updating last-seen time for forge.br.de
| RecvSocketStream(8)
| (Concatenated 8 from stream)
| Transaction Receive [t 280][]
| RecvSocketStream(280)
| (Concatenated 280 from stream)
| Received: [SAUTH y 256 37] on socket 5
| [...]
| Exponent: 35 (0x23)
| OptionIs(server,HostnameKeys,1)
| GetMacroValue(server,HostnameKeys)
| Havekey(root-10.65.33.184)
| Loaded /local/var/cfengine/ppkeys/root-10.65.33.184.pub
| A public key was already known from forge.br.de/10.65.33.184 - no trust requiredAdding IP 10.65.33.184 to SkipVerify - no need to check this if we have a key
| Prepending [10.65.33.184]
| The public key identity was confirmed as [EMAIL PROTECTED]
| Transaction Send[t 16][Packed text]
| Attempting to send 24 bytes
| SendSocketStream, sent 24
| Transaction Send[t 16][Packed text]
| Attempting to send 24 bytes
| SendSocketStream, sent 24
| ChecksumString(m)
| Transaction Send[t 256][Packed text]
| Attempting to send 264 bytes
| SendSocketStream, sent 264
| RecvSocketStream(8)
| (Concatenated 8 from stream)
| Transaction Receive [t 16][]
| RecvSocketStream(16)
| (Concatenated 16 from stream)
| cfservd: Strong authentication of client forge.br.de/10.65.33.184 achieved
| RecvSocketStream(8)
| (Concatenated 8 from stream)
| Transaction Receive [t 16][]
| RecvSocketStream(16)
| (Concatenated 16 from stream)
| Got a session key...
| RecvSocketStream(8)
| (Concatenated 8 from stream)
| Transaction Receive [t 6][]
| RecvSocketStream(6)
| (Concatenated 6 from stream)
| Received: [EXEC ] on socket 5
| User root is not allowed on this server
| cfservd: Host authorization/authentication failed or access denied

Okay, so root is not allowed on this server. But (cfservd.conf):

| groups:
| config_host = ( forge )
| control:
| INTERNAL_HOSTS::
| domain = ( br.de )
| ipv4_195::
| domain = ( br-online.de )
| cfrunCommand = ( "/usr/sbin/cfagent" )
| IfElapsed = ( 1 )
| ExpireAfter = ( 15 )
| MaxConnections = ( 50 )
| MultipleConnections = ( true )
| AllowUsers = ( root )
| AllowConnectionsFrom = ( 10.65 195.37.215 )
| AllowMultipleConnectionsFrom = ( 10.65 195.37.215 )
| admit:
| config_host::
| /local/var/cfengine/inputs 10.65 195.37.215
| /local/var/cfengine/files 10.65 195.37.215
| !config_host::
| /usr/sbin/cfagent 10.65.33.184 195.37.215.234

And this cfservd.conf works on all other clients in 10.65.49/24, except two machines. INTERNAL_HOSTS is declared and contains this subnet. cfagent started on the client works fine, though.

???

Regards,
Ralph

--
Ralph [EMAIL PROTECTED]              | .."Text processing has made it possible
Bayerischer Rundfunk...HA-Multimedia | ....to right-justify any idea, even one
Rundfunkplatz 1........80300 München | .which cannot be justified on any other
Tl:089.5900.16023..Fx:089.5900.16240 | ..........grounds." -- J. Finnegan, USC
_______________________________________________ Help-cfengine mailing list Help-cfengine@gnu.org http://lists.gnu.org/mailman/listinfo/help-cfengine
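An added example, not part of the original message and not cfengine code: a small Python triage script that reads `cfservd -d 2` output like the excerpt quoted above and reports whether a refused connection was turned away before or after strong authentication completed. The function names `summarise` and `verdict` are hypothetical; the sample lines are copied from the log in the message.

```python
import re

# Lines copied from the cfservd -d 2 output quoted in the message above.
SAMPLE = """\
| Received: [CAUTH 10.65.33.184 forge.br.de root 0] on socket 5
| Non-verified Host ID is forge.br.de (Using skipverify)
| Non-verified User ID seems to be root (Using skipverify)
| Loaded /local/var/cfengine/ppkeys/root-10.65.33.184.pub
| cfservd: Strong authentication of client forge.br.de/10.65.33.184 achieved
| Received: [EXEC ] on socket 5
| User root is not allowed on this server
| cfservd: Host authorization/authentication failed or access denied
"""

CAUTH = re.compile(r"Received: \[CAUTH (\S+) (\S+) (\S+) \d+\]")
SKIP = re.compile(r"Non-verified (Host|User) ID .*\(Using skipverify\)")
KEY = re.compile(r"Loaded (\S+\.pub)")
STRONG = re.compile(r"Strong authentication of client \S+ achieved")
REQUEST = re.compile(r"Received: \[(?![CS]AUTH)([A-Z]+)")  # skip handshake messages
USER_DENIED = re.compile(r"User (\S+) is not allowed on this server")
DENIED = re.compile(r"authorization/authentication failed or access denied")

def summarise(text):
    """Collect the identity, key and decision lines of one connection."""
    s = {"claimed": None, "skipverify": [], "key": None, "strong_auth": False,
         "request": None, "denied_user": None, "denied": False}
    for raw in text.splitlines():
        line = raw.lstrip("| ").rstrip()   # drop the mail quoting prefix
        if m := CAUTH.search(line):
            s["claimed"] = dict(zip(("ip", "host", "user"), m.groups()))
        elif m := SKIP.search(line):
            s["skipverify"].append(m.group(1).lower())
        elif m := KEY.search(line):
            s["key"] = m.group(1)
        elif STRONG.search(line):
            s["strong_auth"] = True
        elif m := REQUEST.search(line):
            s["request"] = m.group(1)
        elif m := USER_DENIED.search(line):
            s["denied_user"] = m.group(1)
        elif DENIED.search(line):
            s["denied"] = True
    return s

def verdict(s):
    """Name the stage at which the server refused the connection."""
    if not s["denied"]:
        return "allowed"
    # A refusal logged after the key exchange succeeded is an access decision.
    return "authorization" if s["strong_auth"] else "authentication"

if __name__ == "__main__":
    print(verdict(summarise(SAMPLE)), summarise(SAMPLE))
```
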